package org.luxor.cloud.gateway.config;

import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.context.properties.ConfigurationProperties;

/**
 * Web Security 配置项
 *
 * @author Mr.Yan  @date: 2020/9/14
 */
@ConfigurationProperties(prefix = WebSecurityProperties.PREFIX)
public class WebSecurityProperties {
    public static final String PREFIX = "spring.security";

    public static Logger logger = LoggerFactory.getLogger(WebSecurityProperties.class);

    private final Boolean DEFAULT_ENABLED = Boolean.TRUE;
    private final Boolean DEFAULT_DEBUG_MODLE = Boolean.FALSE;
    private final Integer DEFAULT_ACCESS_TOKEN_VALIDITY_SECONDS = 60 * 60 * 60 * 12;
    private final Integer DEFAULT_REFRESH_TOKEN_VALIDITY_SECONDS = 60 * 60 * 60 * 24 * 30;

    /**
     * 默认白名单
     */
    String[] DEFAULT_ANON_URIS = new String[]{"/", "/error", "/favicon.ico", "/csrf"
            , "/actuator/**", "/webjars/**", "/swagger-**", "/swagger-resources/**", "/v2/api-docs"};

    /**
     * 开启安全验证功能?
     */
    private boolean enabled;

    /**
     * 调试模式？
     */
    private boolean debugMode;

    /**
     * 免认证资源路径，支持通配符
     * 多个值时使用逗号分隔
     */
    private String anonUris;

    /**
     * accessToken有效时长(单位秒，默认12小时)
     */
    private Integer accessTokenValiditySeconds;

    /**
     * refreshToken有效时长(单位秒，默认30天)
     */
    private Integer refreshTokenValiditySeconds;

    public WebSecurityProperties() {
        this.enabled = DEFAULT_ENABLED.booleanValue();
        this.debugMode = DEFAULT_DEBUG_MODLE.booleanValue();
        this.accessTokenValiditySeconds = DEFAULT_ACCESS_TOKEN_VALIDITY_SECONDS;
        this.refreshTokenValiditySeconds = DEFAULT_REFRESH_TOKEN_VALIDITY_SECONDS;
    }

    public boolean isEnabled() {
        return enabled;
    }

    public void setEnabled(boolean enabled) {
        this.enabled = enabled;
    }

    public boolean isDebugMode() {
        return debugMode;
    }

    public void setDebugMode(boolean debugMode) {
        this.debugMode = debugMode;
    }

    public String[] getAnonUris() {
        if (isEnabled()) {
            String[] anonUrls = StringUtils.splitByWholeSeparatorPreserveAllTokens(anonUris, ",");
            return ArrayUtils.addAll(DEFAULT_ANON_URIS, anonUrls);
        } else {
            return new String[]{"/**"};
        }
    }

    public void setAnonUris(String anonUris) {
        this.anonUris = anonUris;
    }

    public Integer getAccessTokenValiditySeconds() {
        return accessTokenValiditySeconds;
    }

    public void setAccessTokenValiditySeconds(Integer accessTokenValiditySeconds) {
        if (accessTokenValiditySeconds > refreshTokenValiditySeconds) {
            logger.warn("accessToken有效期不能大于refreshToken！");
        }
        this.accessTokenValiditySeconds = accessTokenValiditySeconds;
    }

    public Integer getRefreshTokenValiditySeconds() {
        return refreshTokenValiditySeconds;
    }

    public void setRefreshTokenValiditySeconds(Integer refreshTokenValiditySeconds) {
        if (accessTokenValiditySeconds > refreshTokenValiditySeconds) {
            logger.warn("refreshToken有效期不能小于accessToken！");
        }
        this.refreshTokenValiditySeconds = refreshTokenValiditySeconds;
    }

}
